Reference: Trends user role scenarios

In Trends 3.0 or later, you can use Tanium role-based access control (RBAC) to restrict access to boards and sources that appear in Trends and other Tanium solutions. Using RBAC for Trends boards is optional; by default, all Trends boards and sources are available to all users with predefined Trends roles.

If you decide to use RBAC, use a development environment to set up RBAC and test access to restricted content. Make sure that users with proper permissions can access restricted content, and that users without permission cannot access the restricted content. Do not test with users that have the Trends Administrator permission, because those users have unrestricted access to all boards and sources.

Set up a content set for testing

  1. Create a content set named Trends Sandbox.
  2. Create a module role named Trends Sandbox User.
  3. Assign the following Trends permissions to Trends Sandbox User.
    • To emulate a Trends Author on the Trends Sandbox content set:
      • Show Trends
      • Trends Data read on the Trends Sandbox content set
      • Trends API Board read on the Trends Sandbox content set
      • Trends API Board write on the Trends Sandbox content set
      • Trends API Source read on the Trends Sandbox content set
      • Trends API Source write on the Trends Sandbox content set
    • To emulate a Trends Board Viewer on the Trends Sandbox content set:
      • Trends show
      • Trends Data read on the Trends Sandbox content set
      • Trends API Board read on the Trends Sandbox content set
  4. Assign the Trends Sandbox User role to your test users.

    If you do not want the users to see default Trends content, only grant the users the Trends Sandbox User role and do not assign them any predefined Trends roles.

  5. Create sources and boards in Trends and assign them to the Trends Sandbox content set.

    If no author roles exist, create sources and boards with a Trends Administrator account that can assign the sources and boards to the Trends Sandbox content set.
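The testing guidance and permission lists above can be turned into an allow/deny test plan. The following is an added example, not Tanium code or a Tanium API: it assumes a simplified model in which a permission granted on a content set allows that action only on objects in that set, and the user names and the "Other Set" negative-control content set are hypothetical.

```python
# Added example: simplified model, not Tanium code. Assumption: a permission
# granted on a content set allows that action only on objects in that set.
SCOPED = ["Trends API Board read", "Trends API Board write",
          "Trends API Source read", "Trends API Source write",
          "Trends Data read"]

# Content-set-scoped permission sets from step 3 of the page.
AUTHOR = set(SCOPED)
VIEWER = {"Trends API Board read", "Trends Data read"}

def expected_matrix(granted, granted_set, content_sets):
    """Map (content_set, permission) -> True if access should succeed."""
    return {(cs, p): cs == granted_set and p in granted
            for cs in content_sets for p in SCOPED}

def unsuitable_testers(users):
    """Flag accounts whose role assignments would invalidate the test."""
    findings = {}
    for name, roles in users.items():
        if "Trends Administrator" in roles:
            findings[name] = "unrestricted access to all boards and sources"
        elif "Trends Sandbox User" not in roles:
            findings[name] = "Trends Sandbox User role not assigned"
    return findings

def mismatches(expected, observed):
    """Return checks whose observed result differs from the expectation.
    A check with no recorded observation counts as a mismatch."""
    return sorted(k for k, want in expected.items() if observed.get(k) != want)

# Constructed sample data; "Other Set" is a hypothetical negative control.
SETS = ["Trends Sandbox", "Other Set"]
USERS = {"viewer1": {"Trends Sandbox User"},
         "admin1": {"Trends Sandbox User", "Trends Administrator"}}

if __name__ == "__main__":
    print(unsuitable_testers(USERS))
    want = expected_matrix(VIEWER, "Trends Sandbox", SETS)
    seen = dict(want)
    seen[("Trends Sandbox", "Trends API Board write")] = True  # constructed drift
    for check in mismatches(want, seen):
        print("UNEXPECTED:", check, "observed", seen[check], "expected", want[check])
```

Record the observed result of each check by signing in as the test user in the development environment; any entry returned by `mismatches` is a permission that is broader or narrower than intended.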

Use case 1

A user needs to view and create boards, sources, and panels for a particular content set, but without unnecessary permissions that module roles provide. For instance, you can give a user permission to the Patch content set, without also providing permission to the Patch workbench.

  • Create an Advanced Role:
    • Enable Ask Dynamic Questions.
    • Add Sensor read permission and grant the applicable content set.
    • Add Saved Question write permission and grant the applicable content set.
  • Create a Grant Module Role:
    • Add Trends show permission.
    • Add Trends API Board read permission and grant the applicable content set.
    • Add Trends API Board write permission and grant the applicable content set.
    • Add Trends API Source read permission and grant the applicable content set.
    • Add Trends API Source write permission and grant the applicable content set.
    • Add Trends Data read permission and grant the applicable content set.
  • Add both roles to the user or user group.

Use case 2

Grant permission to a module user to read and write boards and sources in a content set.

  • Create a Grant Module Role:
    • Add Trends show permission.
    • Add Trends API Board read permission and grant the applicable content set.
    • Add Trends API Board write permission and grant the applicable content set.
    • Add Trends API Source read permission and grant the applicable content set.
    • Add Trends API Source write permission and grant the applicable content set.
    • Add Trends Data read permission and grant the applicable content set.
  • Add the new role to the user or user group.

Use case 3

Grant a user view-only permission to boards and sources in a content set.

  • Create a Grant Module Role:
    • Add Trends show permission.
    • Add Trends API Board read permission and grant the applicable content set.
    • Add Trends Data read permission and grant the applicable content set.
  • Add the new role to the user or user group.